<?php
include 'config/config.php';

// Ngan chan nguoi dung di tu ben ngoai thu muc goc
$dir = BASEDIR . $_GET['dir'];
$target = realpath($dir . '/' . $_GET['file']);
if (strpos($target, BASEDIR) !== 0) {
    die();
}

// send the file if it exists
if (file_exists($target) && is_file($target)) {
    header('Content-Type: application/force-download');
    header('Content-Disposition: attachment; filename="' . $_GET['file'] . '";');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . filesize($target));
    readfile($target);
}
?>
